1st, the more negative stuff to [I hope] realistically set expectations.
I’ll be frank – most people don’t care about the effects of installing whatever app, so long as the app works, and bad things don’t start to happen immediately afterward. So there’s not really any current tools available. Some people are concerned about malware or malware-like behavior in an unknown app, but while you might catch some stuff, like a bundled tracking app, unless you’re a security researcher with a special setup, the worst malware is going to sneak right past you. That’s because the coders writing malware know that people are going to run it in a VM [Virtual Machine] to check for bad behavior, so they make sure their malware doesn’t do anything naughty if/when it detects it’s running in a VM. And if you suspect that software might contain malware, you definitely want to check it out in a VM rather than a regular copy of Windows, because if it does contain malware, you could not only trash that copy of Windows, but infect everything connected to the same network.
Having a complete record of the changes made by installing an app can help if/when you want to uninstall that app, but you have to be careful… lots of changes can’t be undone without breaking something, and there’s no master list telling you what you should never undo. There are uninstall apps that can monitor an installation, record the changes, then remove just the safe stuff when you uninstall software you monitored, the key word being Safe – the nature of their hard-coded rules can sometimes mean that there’s little difference from just using whatever software’s regular uninstall routine.
OK, so how do you do it?
You can record changes made to Windows registry using a small app called Regshot but note that the regular version does not work currently in Windows 10 1903 64-bit – instead I use an older app called Regshot2 that does work. If I’m uncertain whether I’ll keep an app or not, I’ll often put a copy of the Regshot2 logs in that program’s folder that I can refer to after uninstalling the app [obviously I copy those logs somewhere else before running uninstall].
raymond[.]cc/blog/tracking-registry-and-files-changes-when-installing-software-in-windows/
afterdawn[.]com/software/system_tools/registry_tools/regshot2_unicode.cfm
Note: there’s another registry hive that you don’t see when you open Windows registry editor, Regedit. It’s poorly documented – the few mentions I’ve found online all have to do with Windows Update – and a software installation can cause a significant portion of that hive to be altered or rewritten. If you monitor changes to the registry when you install whatever software, sometimes you will get roughly 200 – 300 k changes, all including the word Component & sometimes Schema. If you can sort the listing alphabetically, then find the word component from the end of file backwards, towards the start, you can copy paste everything below the last component listing into a new text file for analysis. However it is a drudge trying to process what is often a 75 MB text file.
It’s impractical to do a before & after compare of file snapshots unless the copy of Windows has little to no software installed. One, it simply takes too long, and two, if a file already exists it will not show up if a software install adds its copy of the same file. So, to tell what files and folders are added by a software installation, I use InstallWatch Pro [listed at the 1st link above], running in a Windows 7 32-bit VM with almost no other software installed. It’s an old program that will not work with 64-bit Windows or Windows 10. The files and folders added when you install an app should be in the same places in Windows 7 or 10, though 32-bit Windows uses a single “Program Files” folder as the default for new software, while 64-bit Windows has both “Program Files” and “Program Files (x86)” – the 1st is supposed to be for 64-bit apps, while the 2nd is for 32-bit, but software doesn’t always behave as it should, so if it’s not in one, check the other. Registry settings are also the same between Windows 7 & 10, though 64-bit Windows adds a HKLM\ SOFTWARE\ WOW6432Node\ key heading, where some of an app’s registry entries in 32-bit Windows *may* be relocated.
The original Regshot does include the capability to monitor folders for changes, but personally never cared for the way it works, and as above, it won’t work currently with Windows 10. There is a free app called What Changed, but it’s far too slow. There’s also a modified version of Regshot that you can try to figure out [no idea if or how well it works in what versions of Windows]: sourceforge[.]net/projects/program-installation-monitor/files/Program%20Installation%20Monitor.zip/download
You can sometimes tell -- to an extent -- what files & folders an app’s installation routine will add by expanding the files in the app’s setup file. I use Universal Extractor – the 1st link is to the original, older app, which *to me* works better with .msi setup files, but otherwise I use the newer version at the 2nd link. It doesn’t always work, depending on how the setup file was created, it won’t show you the registry changes that will be made, and sometimes the extracted files will run as if the app was installed, and sometimes they won’t. Sometimes 2 versions of one or more files might be included, one for 32-bit & one for 64-bit Windows, e.g. somefile(1).dll & somefile(2).dll, and sometimes there are directions the setup routine follows that you can read to find out which file version is which, and rename them accordingly. I try to use Universal Extractor with every .msi file, because those Windows Installer files are engineered just so very poorly – if a coder screws up creating an .msi file, it can completely break several other apps that also used .msi setup files.
legroom[.]net/software/uniextract
github[.]com/Bioruebe/UniExtract2
You can use Sysinternals Process Monitor -- docs.microsoft[.]com/en-us/sysinternals/downloads/procmon . Rather than perform a before & after snapshot comparison, Process Monitor records everything that’s happening everywhere in Windows in real time. It’ll work just as well in your regular copy of Windows as in a VM, but the more services and such that are running, the more data you’ll get, and even in a minimal VM the amount of data is overwhelming to say the least. You can use Process Monitor’s built-in filtering to try and, well, filter out all the stuff you don’t need, but even then, you’ll want to work with the data to make it more useful. You can save your results in a CSV or XML file, importing the results into a spreadsheet app where you can at least sort the results, or you might perform sorting and filtering the same way you do that stuff working with Windows or Linux server logs.
The well-known nirsoft[.]net has loads of utilities, and some can be quite useful monitoring software, but be prepared to deal with any security software you’ve got installed, because there’s a very good chance that it will not like Nirsoft stuff At All.